An article explaining how to validate the PGP signatures of software packages, and establish a weak but reasonably secure web of trust when establishing an uninterrupted one is not practical. This is useful when downloading Lisp software with ASDF-INSTALL. The article was written by Juliusz Chroboczek.